Cyber resilience

Essential to the delivery of smart public services


Technology has changed the face of the public sector, with trends like the Internet of things (IoT) shaking the very foundation of the way business is done. But as the world becomes more connected, security risks increase rapidly.

Having a plethora of connected devices has provided an avenue that welcomes improved efficiency, productivity, and accessibility. Governments all over the world have visions for smart cities, where investment in the cloud, analytics and intelligent infrastructure can help optimise public services. African cities are well-positioned to become smart, as our young, tech-savvy populations increasingly move into urban areas. We also have the advantage of not having a cumbersome legacy infrastructure, so we’re able to leapfrog and embrace new technologies that will aid in making services more efficient.

South Africa has seen the public sector embrace innovation and technological evolution. While plans to make our major metros ‘smart’ are only at the beginning stages of implementation, the necessary steps are being taken by many departments to begin their digital transformation journey. The cloud has been a major driver in this shift as it holds the power of collaboration and information sharing. This is at the heart of any service trying to be more efficient. Government departments all need to work together intimately on a daily basis and figure out how to cut costs and boost productivity. So, a cloud-first model is a natural progression for IT infrastructure. In fact, it’s not too farfetched to think that soon, most, if not all organisations in the public sector, will be fully reliant on cloud services, like Office 365, to function effectively and meet the increasing demands of the communities they serve.

But as governments become more connected and ‘smarter’, we also have to acknowledge that cybersecurity becomes an increasing concern. It’s one thing to improve service delivery through improved collaboration, using cloud platforms and implementing smart technology, but a cyber attack could shut down the delivery of services entirely.

Having everything connected and stored online has the unfortunate drawback of giving cyber criminals opportunities to wreak havoc. They can disrupt the flow of operations, obtain private information and perform other nefarious deeds. Cyber threats are especially worrying for the public sector because it not only stores the data of millions, but society relies on it to function.

Sensitive data under attack

The healthcare industry is the perfect example to illustrate the benefits of cloud technology and IoT. It also illustrates the danger that looms because organisations in this sector store particularly sensitive information about their patients. File cabinets and archaic IT infrastructures are becoming obsolete and patient data is now stored in the cloud. This way, doctors can access and share information, make more informed decisions and offer improved, personalised treatments, quicker.

However, private data is extra lucrative for cyber criminals because they can sell medical records on the black market for premium prices and at a higher fee than credit card information. Passwords and banking details can be changed but personal information pertaining to allergies, ailments and mental health cannot. This makes medical data especially enticing and, thus, the industry is highly targeted.

Medical equipment is also a concern. Who could forget the WannaCry outbreak that occurred last year? The ransomware attack struck a number of organisations across the world, including the National Health Service hospitals in England and Scotland, which not only compromised personal patient information but also gave hackers potential access to 70 000 devices, including computers, MRI scanners, theatre equipment and more.

Having private data accessed and exploited is definitely a cause for concern. But when you consider the threat of having lives disrupted or on the line, it becomes a clear call for the public sector organisations to ensure they put the necessary emphasis on their cyber resilience efforts. The health industry is just the start—there are the education, transit and numerous other industries to protect too.

What is cyber resilience?

To be clear, cyber resilience is not the same as cybersecurity. Security focuses purely on protection, whereas resilience is about assuring the ability to recover and continue with business as usual. Cyber resilience includes measures of prevention, but it differs from cybersecurity in that it also helps avoid data loss and downtime. Organisations need to be able to quickly get things back into an acceptable state of operation in the event that a breach or hack does actually occur.

With the public sector in South Africa increasingly adopting cloud services and other technological innovations, now is as good a time as any to focus attention on cyber resilience. In fact, it’s crucial, to ensure that governmental services are not only protected but that they continue to deliver vital public services, even in the event of a cyber attack.

What’s worrying in the local context is that many organisations don’t have any sort of plan in place. According to a Vanson Bourne and Mimecast study, only 23% of surveyed businesses and organisations in South Africa currently have a cyber resilience strategy. Even more alarming is that only half of the respondents, 53%, were completely confident that they would be able to restore all important files in the event of an email-borne ransomware attack.

These statistics are not necessarily indicative of what’s going on in the public sector but it is safe to assume that there are departments that are not fully protected, nor are they capable of resuming service in a speedy manner. Imagine a scenario where the Department of Home Affairs—a crucial cog in South Africa’s public sector—suffers a devastating attack, and consequently loses the stored data of millions of South African citizens. The results would be truly disastrous. People could potentially “not exist” because their records would be wiped and identity theft would escalate. And then there’s the issue of services being halted. The department’s inability to process the likes of birth, marriage and death certificates, for example, would bottleneck an already very busy system.

Cyber resilience for email

With the cybersecurity landscape being as perilous as it is, where does a public sector organisation—with all the pressure and personal information they deal with—even begin to focus their attention when it comes to a cyber resilience strategy? It starts with something simple: email. Email remains the number one communication channel used by South African organisations today.

Yet, email is also, unfortunately, an equally popular medium for cyber criminals to launch their attacks, which is why defending it is imperative for every organisation. According to PhishMe’s South Africa Phishing Response Trends Report, 90% of respondents have dealt with security incidents originating from deceptive emails, with nearly 20% seeing more than 500 suspicious emails weekly.

The cyber threat landscape continues to evolve. Organisations need to defend against email-borne impersonation attempts; malicious links and unknown malware attachments; threats that are internal to the organisation; as well as spam and viruses. Additionally, the proliferation of advanced cyber attacks, like ransomware, along with the continued migration of email to the cloud or hybrid environments, is requiring organisations to rethink their approach to email security. Unfortunately, many organisations rely on the built-in security of Office 365, which isn’t always effective against advanced evasive threats. An additional layer of security on any cloud service is necessary for adequate protection against these ever-changing threats.

Internal training goes a long way in teaching the workforce to prevent breaches from happening but it’s still not enough. According to a study by Friedrich-Alexander University, 78% of people claim to be aware of the risks of unknown links in emails and yet, they click anyway. Couple that statistic with the fact that hackers are constantly evolving and finding new, imaginative ways to dupe their victims and it suddenly seems like no organisation is safe. How can they be when there are so many external and even internal variables to keep in mind?

This should be concerning for organisations who only have preventative measures in place. No matter how advanced a security solution is, the human element means that it’s not a matter of if an attack is going to happen but rather when. So, even if a government department does have security measures in place, chances are that a targeted threat could slip through the system. One innocent click by an unsuspecting employee could bring the entire organisation down.

So, how can organisations ensure they minimise the impact when an attack is successful? The solution lies in a layered approach that covers all email and data security bases, encompassing advanced security, archiving and continuity.

Ensuring business as usual

Breaches often lead to downtime, leaving employees unable to access everyday tools, like Microsoft Outlook or G Suite by Google Cloud. This halts the delivery of vital services, which can have disastrous consequences. It is, therefore, essential to have a continuity service in place to ensure a quick and seamless switch to an available service, should downtime due to a cyber attack occur.

For years, IT teams have built disaster recovery plans on the belief that if IT fails, you always need a plan B. Nothing changes in a cloud-first world. Unfortunately, if a cloud service fails, it could take hours or even days to get back up again. And if several government departments are using a single provider, it could result in all of them being affected at once.

Another essential ingredient in any cyber resilience strategy is a cloud-based archiving solution. Hosting all email and data with a single vendor, like Office 365, raises important questions about data assurance. Do you have an independently verifiable additional copy of your data for when you need it? Organisations need to consider the possibility of data loss or corruption after a cyber attack or technical failure. But as the Vanson Bourne and Mimecast research indicates, many organisations aren’t currently able to restore this data.

A service like the Mimecast Cloud Archive can help mitigate that risk by creating a digital corporate memory and allowing email to be restored on demand. This dramatically decreases the risk of data loss or corruption after a cyber attack, human error or technical failure. Government departments, like Home Affairs, can rest assured that sensitive data is fully encrypted and is always available, always replicated and always safe in the cloud. So, they would never need to worry about paying hackers ransom for essential data.

What makes the transition to a multipurpose archiving solution of this nature easy is the fact that it lives entirely online. All that’s needed is an Internet connection. This eliminates the need to overhaul or implement expensive infrastructure onsite and also allows for quicker adoption and implementation, minimising and even eliminating any sort of downtime. Moreover, the Mimecast Cloud Archive works alongside the applications most organisations are already using, like Microsoft Office 365, Exchange and Google G Suite.

According to an international study on the cost of cyber crime, surveyed public sector organisations experienced 53 such attacks on average per week during 2017. That figure is only going to get worse in 2018 and beyond—if no measures are put in place. And the South African government organisations will suffer the same fate as more of them adopt cloud services. Thus, adopting a cyber resilience strategy is an essential consideration that every CIO in the public sector should make. Their organisations are high-value targets and because society relies on them for essential services, they should do everything in their power to ensure data and networks are always kept safe and available. 

By Brian Pinnock, Cyber Resilience Expert at Mimecast



This edition

Issue 68